Visual Studio Update 4 broke IIS Express' ability to request client certificates

In an effort to get back to my status before I stupidly applied Update 4 I did the following:

•I did an uninstall of VS Pro 2012 Update 4.  However this resulted in the incapacity of VS 2012 to open any project.  They were all reported as "incompatible"
•I did a repair of VS Pro 2012.   Same situation.
•I installed Update 3 of Visaul Studio Pro 2012.  Same situation.
•I did an additional repair of VS Pro 2012.  This time project were able to open.
•Ran MVC SSL project.  Certificates not requested which causes project to fail because no certificates were supplied.
•Ran Web Forms SSL project. Cerfitcates not requested which again causes project to fail because no certificates were supplied.
•Tried to create new web forms project.  Attempt fails with error message below.

Error: this template attempted to load component assembly 'NuGet.VisualStudio.Interop, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.  For more information on this problem and how to enable this template see documentation on Customizing Project Templates.

Again I checked both the applicationhost.config in my profile and the one under Program Files\IIS Express\AppServer
Neither of them had been changed.

I am thinking my next step is to totally uninstall VS 2012 and IIS Express, and do the reinstall from the disk and then apply Update 3.

Uninstalled IIS Express.  Uninstalled Visual Studio 2012.  Installed VS 2012 rtmrel from disk, which included IIS express.  Deleted old applicationhost.config files.  Generated new Web Forms project.  Opened fine.  Open new applicationhost.config file.  Made the changes below:

            <!-- If the user is using SSL and has a client certificate, use it -->
          <access sslFlags="SslNegotiateCert" />
AND
                <iisClientCertificateMappingAuthentication enabled="true">
                </iisClientCertificateMappingAuthentication>

Changed the new web forms project to use SSL and to use the https://localhost:43300/  URL.  ran project. Did not ask for client certs.  Ran project in SSL whose only purpose is to read
all of server variables.  No certifcate information passed.

This is already the second question concerning this issue.  I have yet to get an answer from any of the experts, despite admistrative assistance.

I will do it like that.  The reason I stated it as I did was because I felt sure this must have happened to someone else before when they installed Update 4.

How about the follwoing as a title
"How to undo changes to IIS Express caused by VS 2012 Update 4"

or
"Need to restore IIS Express' ability to request client certificates."

Based on all of my reading, (and I've read seemingly everything that is out there),  I've done everything required to get IIS Express to read client certs.  By all their reports it should be working now.  So I don't want to get a bunch of answers telling me to do the things I've already done, and then cause an expert with the real answer to shy away due to all of the activity on the question.

So i will go with one of those generic titles that mentioned above.  Thank you for your help and advice.
(p.s. I will leave this question open in case someone even at this late date runs across it, or is having the same issue.)

Thanks.very very much.  I will leave this question open for a couple of days before carrying out the re-do mentioned above.

I see a lot of posts about this question, but I fail to see anything sent to Microsoft to suggest that this might be a breaking change in 2012 Update 4.  My suggestion would be to report this as a bug.

If you have already reported the problem as a bug, and I failed to recognize that fact, this is a very detailed problem that might be because of a small change to a configuration file, such as the applicationhost.config.

I only use IIS Express with a very small number of web sites, most of which are legacy ASP.NET 2.0 web sites.  I usually use IIS with Windows 2008 Server R2.  Was there a specific reason to use IIS Express?  Do you have this issue with the full IIS version?

How are you debugging this issue?  This information will help understand your problem space, and maybe get a glimpse into your environment.

@Bob_Learned
You've seen other posts from other people? Did they ever manage to fix the issue?  We called Microsoft Support to open a support case on Monday 5/12/2014.  The person who took the call stated I need to check something with someone I will call you back in a couple of minutes.  Three days later he has still not called back.  I have not reported it as a bug because I don't know that it is.  It  may be that this behavior was by intent.   In which case I would really like to undo it.  As seen above I already uninstalled first Update 4 and then the whole of VS 2012 and IIS Express, and resinstalled from the rtmrel.  But this did not fix it.

My Development Environment:  I am developing on Windows 7.  The Navy does not permit the installation of regular IIS on its workstations.  They made some changes that prevent the attempt to install it from successfully completing.   The reason for using IIS Express rather than the Visual Studio Development server is to run in SSL and read the client certificates from whatever CAC card has logged into the machine.

How am I debugging the issue?  As stated above I reinstalled VS 2012 from scratch (including IIS Express) and made new applicationhost.config by opening a new web Forms project.  I then made the specified changes to the  new applicationhost.config to require client certificates and changed the project to an SSL project.  Certificates were not requested.  I then ran a web forms project that was created to print out all header information and server variables while running in SSL.  No client certificates were requested, none of the client certificate server variables were populated.

I think that they are the same posts from you about the same issue.  

I looked over the post here.  I shouldn't have assumed that the configuration process was repeated after IIS Express was reinstalled.  I see that you have, and it didn't help.

What version of IIS Express is installed?

If you have an open support case, and someone at Micro$oft doesn't support you, then I would try to find another person who will.  Good customer support means keeping in touch with the customer, even if you don't have a resolution for their problem.

Is the only indication that you have a problem, that you don't get a certificate requested?  Are there are any exceptions in the Event Log?

What type of project are you working with?  The post you linked to talked about a Windows Phone 7 project.

version of IIS Express is 8.0.1557
The MS support person never even got to the point of opening the support ticket.  That was most annoying. He was having problems establishing a support ticket so it seems he just quit. As I had some other difficulties Iwas addressing at the time I have not taken time to pursue this.  Now I have some time and I intend to do something about it.  

There are no events in the event log.
 I am working on a Visual Studio 2012 MVC 4 EF 5 project.

I would relate your experience with the Support person to someone at Microsoft.  That is not the way that customer support is supposed to work.  This is one of those crucial situations that you need the product experts to tell you what the problem is.

Thank you O Leanerd One ;-)  How are your standard IIS and VBox skills.  My boss has suggested installing Windows 2008 R2 server on a VM on my machine.  Then i could deploy not only the finished app there for testing but as I recall I could also place my development project out there and reference it from VS 2012 (at least that is the way it used to work in VS 2003.  I have not had occasion to do that for many years.)

That is the only way that I do development work these days.  My laptop has horrible encryption software, which slows development down, so I have 3 different 2008 R2 VMs for different configurations, and distributed load testing.  It is a lot faster, and cleaner, since I don't need to worry about having software installed locally.

O Learned One;
I nned you help.  When I go out to the MS support to get a phone number Now I get the below page

https://support.microsoft.com/gp/oassiteerror 


To add "Support Site" to the trusted sites zone, follow these steps:

1.On the Tools menu in Internet Explorer, click Internet Options.
2.Click the Security tab.
3.Click the Trusted Sites icon, and then click Sites.
4.Click to clear the Require server verification check box.
5.Check whether http://support.microsoft.com is listed in your trusted sites. If it is listed, type http://oas.support.microsoft.com, and then click Add.
6.Check whether https://support.microsoft.com is listed in your trusted sites. If it is listed, type https://oas.support.microsoft.com, and then click Add.
7.Close all dialog boxes, and then refresh the browser window.

Unfortunately we are not able to add sites to our trusted sites as that capability has been disabled in IE 8 for regular users and for user with admin rights the capability to open IE 8 has been removed.

So I tried using Firefox.  This time I get

http://support.microsoft.com/error.aspx?aspxerrorpath=/oas/default.aspx

Sorry, the page you requested is not available.

The page you were looking for is currently not available. The address may not be correct, or there may be a temporary problem with this site. Please try one of the following options:

    Check the address for typing errors.
    Click the Back button and try a different option from the navigation menu.
    Try this page again later.

For additional assistance, try one of the pages below:

    Home
    Go to the Microsoft Help and Support site
    Product Support Center (FAQs and Highlights)
    Review common support questions, issues, and new information for Microsoft products.
    TechNet
    Search the online support site that provides detailed "how-to" information for IT professionals concerning Microsoft products.
    MSDN
    Search the online support site that provides detailed information for development professionals concerning Microsoft products.

Can you get me a number for MS support?  (Meanwhile I will put an entry into the TechNet forum.)

You might be able to find what you need here:

http://msdn.microsoft.com/en-us/subscriptions/bb266240.aspx

1-800-936-4900

O was able to get one whoich I am copying here for future reference  1-800-936-4900

Thanks Bob.

My laptop has horrible encryption software,

Same here.  

so I have 3 different 2008 R2 VMs for different configurations, and distributed load testing.  It is a lot faster, and cleaner, since I don't need to worry about having software installed locally.

But if the VMs are installed on you laptop, you still have to install the software on your laptop although it is actually existing on the VM.  
The question I have though is the connection through the interface.  I had difficulty connecting via SSL to the IIS 6.0 set up on the Windows Server 2003 installation on this VM.  I could connect regularly but the deployed application would not work correctly unless Certificate information was requested and passed in, and when I tried to connect using SSL all I got was "Internet Explorer can not dispaly web page."  Whereas without SSL I got our custom "Certificate Information not provided" error.  Is there something I am missing in the setup of the VM?

The VMs are on a blade server, so I don't have that problem.  

I use Terminals to connect to the VM.

Terminals
https://terminals.codeplex.com/

What type of certificates are you using?

And that is our problem, we don't have access to a real server.  We have to use VMs on our local machines to emulate deployment to a server, as well as connecting to the database on a server remote from the web server.

What software are you using for Virtual Machines?

The certs that are embedded in our CAC cards.  (Computer Access Cards).  ActivIdentity reads the CAC card and copies the cert to the client machine.  Then when a DoD server is hit its IIS request a certificate and thr browser displays all the locally stored certificates for the user logged in on that client machine (who logs in using the CAC card).  For most DoD servers there is displayed the meail certs and the identifying certs.  But for some they are only configured to ask for the identifying certs. (I don't know how they did that since every setup I've made requests both certs.)  As stated above, in the applicationhost.config file the settting that gets IIS Express to request these certs is the access element on that file

<access sslFlags="SslNegotiateCert" />

Select all Open in new window

This worked fine until VS 2012 Update 4 was installed.  

I don't know how to config IIS 6.0 to request these certs.  But seemingly I cannot connect to IIS 6.0 via SSL over the VM boundary, although that is not an issue when you don't use SSL.

Oracle VBox  4.2.16

Configuration IIS 6 has been quite a while for me, so this will be a trip down memory lane (albeit a fuzzy one)...

1) Configuring SSL on a Web Server or Web Site (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/56bdf977-14f8-4867-9c51-34c346d48b04.mspx?mfr=true

2) Enabling Client Certificates in IIS 6.0 (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/096519f4-3079-4571-9d28-8e5d286c5ab9.mspx?mfr=true

3) Mapping a Specific Client Certificate to a User Account (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d4957ac9-889e-4292-b015-8f3ab83952c6.mspx?mfr=true

You should be able to configure the virtual machine for networking.

Chapter 6. Virtual networking
http://www.virtualbox.org/manual/ch06.html

2) Enabling Client Certificates in IIS 6.0 (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/096519f4-3079-4571-9d28-8e5d286c5ab9.mspx?mfr=tru

Ha! Turns out I already had it configured as a SSL and to request client certs.  (Must of read that article back in February when I was figure out a way to deploy to our remote Test servers at the Data Center.  

My VM is configured for networking.  That is how I connect to the SQL Server, and to Report Manager on that Virtual server using this URL
http://cpvfssql200364/Reports_SQL_2008R2_64/Pages/Folder.aspx

Now I am trying to connect to the "Non-Default" named Web site on that server which I created especially to hold these new SSL web apps.
However it appears I have forgotten how to connect to the named web site.   I tried http://cpvfssql200364/TestProc40/TestGDLL/default.aspx where TestProc40 is the name of the named web site,  http://cpvfssql200364:81/TestGDLL/default.aspx where 81 is the port of the named web site, and I tried http://cpvfssql200364:81/TestProc40/TestGDLL/default.aspx .
But each of those returns 404.  Just for fun and giggles I connected to ReportManager using http://cpvfssql200364/Reports_SQL_2008R2_64/Pages/Folder.aspx and that worked fine.  But of course that is sitting on the Default

Are you trying to connect to the web sites from outside the VM, or inside, when you get a 404 error?

Outside the VM

BRB
 going to lunch
 (its 1:24 PM here).

BTW Finally go through to to MS Support who opened a ticket.  Then someone called me back to get more detail to determine the engineer to submit this to.  So I am finally getting some movement out of MS (I swear they are as slow as the DoD).

Th MS support "Engineer" spent 3 hours to only succeed in carrying out Jason Shaver's part 1, http://www.jasonrshaver.com/post/2011/09/28/WP7-Client-Certificates-Part-1-(Setting-Up-IIS-Express).aspx  which added the localhost certificate created by IIS Express to the Trusted Certificate repository.  This only succeeded in preventing the "There is a problem with this website's security certificate."  certificate page from opening. It still did nothing to get IIS Express to request client certificates.

If the Tier 1 support engineer was not able to help you, you should have the issue escalated to a higher tier.

Supposedly that is to occur but I have to wait 22 hours before that happens.

This was the solution provided by Microsoft Support. As to whether it was the solution that should have been provided I don't know.  But it worked.